Sr. Governance Risk & Compliance Analyst

In this role as a professional specializing in security architecture and risk management within regulated environments, your key responsibilities will include: - Conducting comprehensive security risk assessments for new and existing systems, applications, and network infrastructure. - Developing, implementing, and maintaining security frameworks, standards, and best practices across the organization. - Overseeing third-party risk management (TPRM), including due diligence, assessment, and continuous monitoring of vendor security posture. - Collaborating with IT, engineering, and business teams to identify and mitigate security risks in design and deployment. - Performing Security Architecture reviews, risk assessments, and gap analysis on critical assets and business processes. - Advising stakeholders on security solutions and controls, ensuring alignment with regulatory and industry standards (e.g., HIPAA, Hi-Trust, ISO, NIST, GDPR). - Responding to emerging threats and vulnerabilities by recommending and implementing proactive security measures. - Preparing and delivering clear reports on architectural and risk findings to senior management. Supporting compliance initiatives and internal or external audits related to security and risk management. - Driving continuous improvement in security architecture, risk practices, and awareness throughout the organization. - Participating in special projects and other duties as assigned, driving ongoing improvement in security posture, risk management, and protection of sensitive information. Your work week will involve: - Conducting risk assessments and managing third-party vendor reviews or renewals. - Hosting and participating in meetings with engineering, compliance, and business teams to discuss security requirements and remediation plans. - Reviewing and evaluating architecture diagrams and technical designs for ongoing and upcoming projects. - Monitoring security controls, metrics, incident reports, and issues to identify and respond to risks or weaknesses. - Preparing documentation, executive summaries, and presentations for decision-makers and stakeholders. We are looking for a professional who possesses: - Strong experience in both security architecture and risk management, ideally in complex or regulated environments. - Proven ability to communicate technical concepts and security risks to both technical and non-technical audiences. - Experience conducting third-party risk assessments and managing vendor relationships. - Expertise in industry standards, regulatory compliance, and security frameworks (such as HIPAA, HI-Trust, ISO 27001, NIST 800-53, SOC2). - Proactive problem-solving skills with excellent analytical, organizational, and stakeholder management abilities. - Basic knowledge of AI technologies such as Generative AI, Artificial Neural Networks (ANN), Convolutional Neural Networks (CNN), and AI security.,